3 days ago I created 3 certificates on a server with lot’s of domain.
Yesterday I tried a renewal of one of them, but I discovered that the certificate folder changes in something like domain.com-001. This obviously make the job of renewing without editing the virtualhost file more complex.
Is there a way to force the certificate destination folder?
Did you pass the exact same domain names in the command? It shouldn’t change folder names unless you requested a different set of names for the new certificate.
I asked the exact same name.
The only difference is that I put -d domain.com
instead of
-d domain.com -d www.domain.com
Can be the issue?
Yes. It would be a different certificate. The earlier one was for “domain.com” and “www.domain.com” while the second one you requested was for “domain.com” only.
I have not seen that problem even when requesting additional names.
AFAIK it takes the first domain passed with the “-d” option and creates a folder with that name in “/etc/letsencrypt/live/”
It has always asked me if I want to replace, never just created a separate folder with the certs.
Thanks guys.
Now it works.
Noticed only now that my cert say
CN = happy hacker fake CA
What does it mean?
You’re using the staging server (useful for testing), which uses a non-trusted CA certificate.
Make sure you use the production API - that’s --server https://acme-v01.api.letsencrypt.org/directory with the official client.
I put it in the .cli file but maybe it doesn’t work.
Forcing it on the command it works, but using the cli seems to not work.
Did you specify the file using “–config filename.cli” ?
I also saw some post regarding specifying the full path to the config file.
Yes
./letsencrypt-auto --config /etc/letsencrypt/cli.ini …